Skip to main content
此產品有較新版本可以使用。
本繁體中文版使用機器翻譯,譯文僅供參考,若與英文版本牴觸,應以英文版本為準。

使用標準程序安裝Astra Control Center

貢獻者

若要安裝Astra Control Center、請從NetApp支援網站下載安裝套件、並執行下列步驟、在您的環境中安裝Astra Control Center操作員和Astra Control Center。您可以使用此程序、在連線網際網路或無線環境中安裝Astra Control Center。

對於Red Hat OpenShift環境、您也可以使用 "替代程序" 使用OpenShift作業系統集線器安裝Astra Control Center。

您需要的產品
關於這項工作

Astra Control Center安裝程序會執行下列作業:

  • 將Astra元件安裝到「NetApp-acc」(或自訂命名)命名空間。

  • 建立預設帳戶。

  • 為此Astra Control Center執行個體建立預設的管理使用者電子郵件地址和預設的一次性密碼「ACC-<UUUID__of_installation_>」。此使用者被指派系統中的擁有者角色、第一次登入UI時即需要此角色。

  • 協助您判斷所有Astra Control Center Pod都在執行中。

  • 安裝Astra UI。

註 如果您使用的是Red Hat的Podman、而非Docker Engine、則可使用Podman命令來取代Docker命令。
重要 請勿在整個安裝程序期間執行下列命令、以免刪除所有Astra Control Center Pod:「kubecl DELETE -f Astra _control_center_oper_deploy。yaml」
步驟

若要安裝Astra Control Center、請執行下列步驟:

執行以完成部署 "設定工作"

下載Astra Control Center套裝組合

  1. 請從下載Astra Control Center套裝組合(「Astra控制中心-[版本].tar.gz」) "NetApp 支援網站"

  2. 從下載Astra Control Center認證與金鑰的壓縮檔 "NetApp 支援網站"

  3. (可選)使用以下命令驗證套件的簽名:

    openssl dgst -sha256 -verify astra-control-center[version].pub -signature <astra-control-center[version].sig astra-control-center[version].tar.gz

解壓縮套件並變更目錄

  1. 擷取影像:

    tar -vxzf astra-control-center-[version].tar.gz
  2. 變更至Astra目錄。

    cd astra-control-center-[version]

將映像新增至本機登錄

  1. 將Astra Control Center映像目錄中的檔案新增至本機登錄。

    註 請參閱以下自動載入影像的範例指令碼。
    1. 登入您的登錄:

      Docker:

      docker login [your_registry_path]

      Podcast:

      podman login [your_registry_path]
    2. 使用適當的指令碼來載入映像、標記映像、並[Subforte_image_local_register_pip]將映像推送到本機登錄:

      Docker:

      export REGISTRY=[Docker_registry_path]
      for astraImageFile in $(ls images/*.tar) ; do
        # Load to local cache. And store the name of the loaded image trimming the 'Loaded images: '
        astraImage=$(docker load --input ${astraImageFile} | sed 's/Loaded image: //')
        astraImage=$(echo ${astraImage} | sed 's!localhost/!!')
        # Tag with local image repo.
        docker tag ${astraImage} ${REGISTRY}/${astraImage}
        # Push to the local repo.
        docker push ${REGISTRY}/${astraImage}
      done

      Podcast:

    export REGISTRY=[Registry_path]
    for astraImageFile in $(ls images/*.tar) ; do
      # Load to local cache. And store the name of the loaded image trimming the 'Loaded images: '
      astraImage=$(podman load --input ${astraImageFile} | sed 's/Loaded image(s): //')
      astraImage=$(echo ${astraImage} | sed 's!localhost/!!')
      # Tag with local image repo.
      podman tag ${astraImage} ${REGISTRY}/${astraImage}
      # Push to the local repo.
      podman push ${REGISTRY}/${astraImage}
    done

設定具有驗證需求之登錄的命名空間和機密

  1. 如果您使用需要驗證的登錄、則需要執行下列動作:

    1. 建立「NetApp-acc operator:

      kubectl create ns netapp-acc-operator

      回應:

      namespace/netapp-acc-operator created
    2. 建立「NetApp-acc operator」命名空間的秘密。新增Docker資訊並執行下列命令:

      kubectl create secret docker-registry astra-registry-cred -n netapp-acc-operator --docker-server=[your_registry_path] --docker-username=[username] --docker-password=[token]

      回應範例:

      secret/astra-registry-cred created
    3. 建立「NetApp-acc」(或自訂命名)命名空間。

      kubectl create ns [netapp-acc or custom namespace]

      回應範例:

      namespace/netapp-acc created
    4. 為「NetApp-acc」(或自訂命名)命名空間建立秘密。新增Docker資訊並執行下列命令:

      kubectl create secret docker-registry astra-registry-cred -n [netapp-acc or custom namespace] --docker-server=[your_registry_path] --docker-username=[username] --docker-password=[token]

      回應

    secret/astra-registry-cred created

安裝Astra Control Center操作員

  1. 編輯Astra Control Center營運者部署Yaml(「Astra _control_center_operer_deploy」、以參照您的本機登錄和機密。

    vim astra_control_center_operator_deploy.yaml
    1. 如果您使用需要驗證的登錄、請將預設行「imagePullSecrets:[]」改為:

      imagePullSecrets:
      - name: <name_of_secret_with_creds_to_local_registry>
    2. 將「kube-RBAC代理」映像的「[your _register_path]」變更為您將映像推入的登錄路徑 上一步

    3. 將「acc oper-manager-manager」映像的「[your _register_path]」變更為您將映像推入的登錄路徑 上一步

    4. (若為使用Astra Data Store預覽的安裝)請參閱此已知問題 "儲存類別資源配置工具、以及您需要對Y反 洗錢進行的其他變更"

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        labels:
          control-plane: controller-manager
        name: acc-operator-controller-manager
        namespace: netapp-acc-operator
      spec:
        replicas: 1
        selector:
          matchLabels:
            control-plane: controller-manager
        template:
          metadata:
            labels:
              control-plane: controller-manager
          spec:
            containers:
            - args:
              - --secure-listen-address=0.0.0.0:8443
              - --upstream=http://127.0.0.1:8080/
              - --logtostderr=true
              - --v=10
              image: [your_registry_path]/kube-rbac-proxy:v4.8.0
              name: kube-rbac-proxy
              ports:
              - containerPort: 8443
                name: https
            - args:
              - --health-probe-bind-address=:8081
              - --metrics-bind-address=127.0.0.1:8080
              - --leader-elect
              command:
              - /manager
              env:
              - name: ACCOP_LOG_LEVEL
                value: "2"
              image: [your_registry_path]/acc-operator:[version x.y.z]
              imagePullPolicy: IfNotPresent
            imagePullSecrets: []
  2. 安裝Astra Control Center操作員:

    kubectl apply -f astra_control_center_operator_deploy.yaml

    回應範例:

    namespace/netapp-acc-operator created
    customresourcedefinition.apiextensions.k8s.io/astracontrolcenters.astra.netapp.io created
    role.rbac.authorization.k8s.io/acc-operator-leader-election-role created
    clusterrole.rbac.authorization.k8s.io/acc-operator-manager-role created
    clusterrole.rbac.authorization.k8s.io/acc-operator-metrics-reader created
    clusterrole.rbac.authorization.k8s.io/acc-operator-proxy-role created
    rolebinding.rbac.authorization.k8s.io/acc-operator-leader-election-rolebinding created
    clusterrolebinding.rbac.authorization.k8s.io/acc-operator-manager-rolebinding created
    clusterrolebinding.rbac.authorization.k8s.io/acc-operator-proxy-rolebinding created
    configmap/acc-operator-manager-config created
    service/acc-operator-controller-manager-metrics-service created
    deployment.apps/acc-operator-controller-manager created

設定Astra控制中心

  1. 編輯Astra Control Center自訂資源(CR)檔案(「Astra_control_center_min.yaml」)、以建立帳戶、AutoSupport 供參考、登錄及其他必要的組態:

    註 如果您的環境需要額外的自訂功能、您可以使用「Astra_control_center.yaml」作為替代的CR。「Astra_control_center_min.yaml」是預設的CR、適用於大部分的安裝。
    vim astra_control_center_min.yaml
    註 在初始Astra Control Center部署之後、無法變更由CR設定的內容。
    重要 如果您使用不需要授權的登錄、則必須刪除「imageRegistry」中的「秘密」行、否則安裝將會失敗。
    1. 將「[your _register_path](您的登錄路徑)」變更為您在上一個步驟中推送影像的登錄路徑。

    2. 將「帳戶名稱」字串變更為您要與帳戶建立關聯的名稱。

    3. 將「astraAddress」字串變更為您要在瀏覽器中用來存取Astra的FQDN。請勿在地址中使用「http://」或「https://」。複製此FQDN以供在中使用 後續步驟

    4. 將「電子郵件」字串變更為預設的初始系統管理員地址。複製此電子郵件地址以供在中使用 後續步驟

    5. 如果網站沒有網際網路連線、請將AutoSupport 「已註冊」改為「假」、否則連線網站則保留「真」。

    6. (選用)新增與帳戶相關之使用者的名字「firstName」和姓氏「lastName」。您可以在UI中立即或稍後執行此步驟。

    7. (可選)如果安裝需要、請將「儲存類別」值變更為另一個Astra Trident StorageClass資源。

    8. (若為使用Astra Data Store預覽的安裝)請參閱此已知問題 "其他必要變更" 至Yaml。

    apiVersion: astra.netapp.io/v1
    kind: AstraControlCenter
    metadata:
      name: astra
    spec:
      accountName: "Example"
      astraVersion: "ASTRA_VERSION"
      astraAddress: "astra.example.com"
      autoSupport:
        enrolled: true
      email: "[admin@example.com]"
      firstName: "SRE"
      lastName: "Admin"
      imageRegistry:
        name: "[your_registry_path]"
        secret: "astra-registry-cred"
      storageClass: "ontap-gold"

完整的Astra控制中心和操作員安裝

  1. 如果您尚未在上一步中執行此操作、請建立「NetApp-acc」(或自訂)命名空間:

    kubectl create ns [netapp-acc or custom namespace]

    回應範例:

    namespace/netapp-acc created
  2. 在「NetApp-acc」(或您的自訂)命名空間中安裝Astra Control Center:

    kubectl apply -f astra_control_center_min.yaml -n [netapp-acc or custom namespace]

    回應範例:

    astracontrolcenter.astra.netapp.io/astra created

驗證系統狀態

註 如果您偏好使用OpenShift、您可以使用相似的相關命令來進行驗證步驟。
  1. 驗證是否已成功安裝所有系統元件。

    kubectl get pods -n [netapp-acc or custom namespace]

    每個Pod的狀態應為「執行中」。部署系統Pod可能需要幾分鐘的時間。

    回應範例:

    NAME                                       READY   STATUS    RESTARTS   AGE
    acc-helm-repo-5f75c5f564-bzqmt             1/1     Running   0          11m
    activity-6b8f7cccb9-mlrn4                  1/1     Running   0          9m2s
    api-token-authentication-6hznt             1/1     Running   0          8m50s
    api-token-authentication-qpfgb             1/1     Running   0          8m50s
    api-token-authentication-sqnb7             1/1     Running   0          8m50s
    asup-5578bbdd57-dxkbp                      1/1     Running   0          9m3s
    authentication-56bff4f95d-mspmq            1/1     Running   0          7m31s
    bucketservice-6f7968b95d-9rrrl             1/1     Running   0          8m36s
    cert-manager-5f6cf4bc4b-82khn              1/1     Running   0          6m19s
    cert-manager-cainjector-76cf976458-sdrbc   1/1     Running   0          6m19s
    cert-manager-webhook-5b7896bfd8-2n45j      1/1     Running   0          6m19s
    cloud-extension-749d9f684c-8bdhq           1/1     Running   0          9m6s
    cloud-insights-service-7d58687d9-h5tzw     1/1     Running   2          8m56s
    composite-compute-968c79cb5-nv7l4          1/1     Running   0          9m11s
    composite-volume-7687569985-jg9gg          1/1     Running   0          8m33s
    credentials-5c9b75f4d6-nx9cz               1/1     Running   0          8m42s
    entitlement-6c96fd8b78-zt7f8               1/1     Running   0          8m28s
    features-5f7bfc9f68-gsjnl                  1/1     Running   0          8m57s
    fluent-bit-ds-h88p7                        1/1     Running   0          7m22s
    fluent-bit-ds-krhnj                        1/1     Running   0          7m23s
    fluent-bit-ds-l5bjj                        1/1     Running   0          7m22s
    fluent-bit-ds-lrclb                        1/1     Running   0          7m23s
    fluent-bit-ds-s5t4n                        1/1     Running   0          7m23s
    fluent-bit-ds-zpr6v                        1/1     Running   0          7m22s
    graphql-server-5f5976f4bd-vbb4z            1/1     Running   0          7m13s
    identity-56f78b8f9f-8h9p9                  1/1     Running   0          8m29s
    influxdb2-0                                1/1     Running   0          11m
    krakend-6f8d995b4d-5khkl                   1/1     Running   0          7m7s
    license-5b5db87c97-jmxzc                   1/1     Running   0          9m
    login-ui-57b57c74b8-6xtv7                  1/1     Running   0          7m10s
    loki-0                                     1/1     Running   0          11m
    monitoring-operator-9dbc9c76d-8znck        2/2     Running   0          7m33s
    nats-0                                     1/1     Running   0          11m
    nats-1                                     1/1     Running   0          10m
    nats-2                                     1/1     Running   0          10m
    nautilus-6b9d88bc86-h8kfb                  1/1     Running   0          8m6s
    nautilus-6b9d88bc86-vn68r                  1/1     Running   0          8m35s
    openapi-b87d77dd8-5dz9h                    1/1     Running   0          9m7s
    polaris-consul-consul-5ljfb                1/1     Running   0          11m
    polaris-consul-consul-s5d5z                1/1     Running   0          11m
    polaris-consul-consul-server-0             1/1     Running   0          11m
    polaris-consul-consul-server-1             1/1     Running   0          11m
    polaris-consul-consul-server-2             1/1     Running   0          11m
    polaris-consul-consul-twmpq                1/1     Running   0          11m
    polaris-mongodb-0                          2/2     Running   0          11m
    polaris-mongodb-1                          2/2     Running   0          10m
    polaris-mongodb-2                          2/2     Running   0          10m
    polaris-ui-84dc87847f-zrg8w                1/1     Running   0          7m12s
    polaris-vault-0                            1/1     Running   0          11m
    polaris-vault-1                            1/1     Running   0          11m
    polaris-vault-2                            1/1     Running   0          11m
    public-metrics-657698b66f-67pgt            1/1     Running   0          8m47s
    storage-backend-metrics-6848b9fd87-w7x8r   1/1     Running   0          8m39s
    storage-provider-5ff5868cd5-r9hj7          1/1     Running   0          8m45s
    telegraf-ds-dw4hg                          1/1     Running   0          7m23s
    telegraf-ds-k92gn                          1/1     Running   0          7m23s
    telegraf-ds-mmxjl                          1/1     Running   0          7m23s
    telegraf-ds-nhs8s                          1/1     Running   0          7m23s
    telegraf-ds-rj7lw                          1/1     Running   0          7m23s
    telegraf-ds-tqrkb                          1/1     Running   0          7m23s
    telegraf-rs-9mwgj                          1/1     Running   0          7m23s
    telemetry-service-56c49d689b-ffrzx         1/1     Running   0          8m42s
    tenancy-767c77fb9d-g9ctv                   1/1     Running   0          8m52s
    traefik-5857d87f85-7pmx8                   1/1     Running   0          6m49s
    traefik-5857d87f85-cpxgv                   1/1     Running   0          5m34s
    traefik-5857d87f85-lvmlb                   1/1     Running   0          4m33s
    traefik-5857d87f85-t2xlk                   1/1     Running   0          4m33s
    traefik-5857d87f85-v9wpf                   1/1     Running   0          7m3s
    trident-svc-595f84dd78-zb8l6               1/1     Running   0          8m54s
    vault-controller-86c94fbf4f-krttq          1/1     Running   0          9m24s
  2. (選用)若要確保安裝完成、您可以使用下列命令來查看「acc operator」記錄。

    kubectl logs deploy/acc-operator-controller-manager -n netapp-acc-operator -c manager -f
  3. 當所有Pod都在執行時、請擷取由Astra Control Center營運者安裝的「適用鍵盤」執行個體、以驗證安裝是否成功。

    kubectl get acc -o yaml -n [netapp-acc or custom namespace]
  4. 請查看回應中的「tatus.deploymentState`」欄位、以取得「部署」值。如果部署失敗、則會改為顯示錯誤訊息。

    註 您將在下一步中使用「uuid」。
    name: astra
       namespace: netapp-acc
       resourceVersion: "104424560"
       selfLink: /apis/astra.netapp.io/v1/namespaces/netapp-acc/astracontrolcenters/astra
       uid: 9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f
     spec:
       accountName: Example
       astraAddress: astra.example.com
       astraVersion: 21.12.60
       autoSupport:
         enrolled: true
         url: https://support.netapp.com/asupprod/post/1.0/postAsup
       crds: {}
       email: admin@example.com
       firstName: SRE
       imageRegistry:
         name: registry_name/astra
         secret: astra-registry-cred
       lastName: Admin
     status:
       accConditionHistory:
         items:
         - astraVersion: 21.12.60
           condition:
             lastTransitionTime: "2021-11-23T02:23:59Z"
             message: Deploying is currently in progress.
             reason: InProgress
             status: "False"
             type: Ready
           generation: 2
           observedSpec:
             accountName: Example
             astraAddress: astra.example.com
             astraVersion: 21.12.60
             autoSupport:
               enrolled: true
               url: https://support.netapp.com/asupprod/post/1.0/postAsup
             crds: {}
             email: admin@example.com
             firstName: SRE
             imageRegistry:
               name: registry_name/astra
               secret: astra-registry-cred
             lastName: Admin
           timestamp: "2021-11-23T02:23:59Z"
         - astraVersion: 21.12.60
           condition:
             lastTransitionTime: "2021-11-23T02:23:59Z"
             message: Deploying is currently in progress.
             reason: InProgress
             status: "True"
             type: Deploying
           generation: 2
           observedSpec:
             accountName: Example
             astraAddress: astra.example.com
             astraVersion: 21.12.60
             autoSupport:
               enrolled: true
               url: https://support.netapp.com/asupprod/post/1.0/postAsup
             crds: {}
             email: admin@example.com
             firstName: SRE
             imageRegistry:
               name: registry_name/astra
               secret: astra-registry-cred
             lastName: Admin
           timestamp: "2021-11-23T02:23:59Z"
         - astraVersion: 21.12.60
           condition:
             lastTransitionTime: "2021-11-23T02:29:41Z"
             message: Post Install was successful
             observedGeneration: 2
             reason: Complete
             status: "True"
             type: PostInstallComplete
           generation: 2
           observedSpec:
             accountName: Example
             astraAddress: astra.example.com
             astraVersion: 21.12.60
             autoSupport:
               enrolled: true
               url: https://support.netapp.com/asupprod/post/1.0/postAsup
             crds: {}
             email: admin@example.com
             firstName: SRE
             imageRegistry:
               name: registry_name/astra
               secret: astra-registry-cred
             lastName: Admin
           timestamp: "2021-11-23T02:29:41Z"
         - astraVersion: 21.12.60
           condition:
             lastTransitionTime: "2021-11-23T02:29:41Z"
             message: Deploying succeeded.
             reason: Complete
             status: "False"
             type: Deploying
           generation: 2
           observedGeneration: 2
           observedSpec:
             accountName: Example
             astraAddress: astra.example.com
             astraVersion: 21.12.60
             autoSupport:
               enrolled: true
               url: https://support.netapp.com/asupprod/post/1.0/postAsup
             crds: {}
             email: admin@example.com
             firstName: SRE
             imageRegistry:
               name: registry_name/astra
               secret: astra-registry-cred
             lastName: Admin
           observedVersion: 21.12.60
           timestamp: "2021-11-23T02:29:41Z"
         - astraVersion: 21.12.60
           condition:
             lastTransitionTime: "2021-11-23T02:29:41Z"
             message: Astra is deployed
             reason: Complete
             status: "True"
             type: Deployed
           generation: 2
           observedGeneration: 2
           observedSpec:
             accountName: Example
             astraAddress: astra.example.com
             astraVersion: 21.12.60
             autoSupport:
               enrolled: true
               url: https://support.netapp.com/asupprod/post/1.0/postAsup
             crds: {}
             email: admin@example.com
             firstName: SRE
             imageRegistry:
               name: registry_name/astra
               secret: astra-registry-cred
             lastName: Admin
           observedVersion: 21.12.60
           timestamp: "2021-11-23T02:29:41Z"
         - astraVersion: 21.12.60
           condition:
             lastTransitionTime: "2021-11-23T02:29:41Z"
             message: Astra is deployed
             reason: Complete
             status: "True"
             type: Ready
           generation: 2
           observedGeneration: 2
           observedSpec:
             accountName: Example
             astraAddress: astra.example.com
             astraVersion: 21.12.60
             autoSupport:
               enrolled: true
               url: https://support.netapp.com/asupprod/post/1.0/postAsup
             crds: {}
             email: admin@example.com
             firstName: SRE
             imageRegistry:
               name: registry_name/astra
               secret: astra-registry-cred
             lastName: Admin
           observedVersion: 21.12.60
           timestamp: "2021-11-23T02:29:41Z"
       certManager: deploy
       cluster:
         type: OCP
         vendorVersion: 4.7.5
         version: v1.20.0+bafe72f
       conditions:
       - lastTransitionTime: "2021-12-08T16:19:55Z"
         message: Astra is deployed
         reason: Complete
         status: "True"
         type: Ready
       - lastTransitionTime: "2021-12-08T16:19:55Z"
         message: Deploying succeeded.
         reason: Complete
         status: "False"
         type: Deploying
       - lastTransitionTime: "2021-12-08T16:19:53Z"
         message: Post Install was successful
         observedGeneration: 2
         reason: Complete
         status: "True"
         type: PostInstallComplete
       - lastTransitionTime: "2021-12-08T16:19:55Z"
         message: Astra is deployed
         reason: Complete
         status: "True"
         type: Deployed
       deploymentState: Deployed
       observedGeneration: 2
       observedSpec:
         accountName: Example
         astraAddress: astra.example.com
         astraVersion: 21.12.60
         autoSupport:
           enrolled: true
           url: https://support.netapp.com/asupprod/post/1.0/postAsup
         crds: {}
         email: admin@example.com
         firstName: SRE
         imageRegistry:
           name: registry_name/astra
           secret: astra-registry-cred
         lastName: Admin
       observedVersion: 21.12.60
       postInstall: Complete
       uuid: 9aa5fdae-4214-4cb7-9976-5d8b4c0ce27f
    kind: List
    metadata:
     resourceVersion: ""
     selfLink: ""
  5. 若要取得登入Astra Control Center時使用的一次性密碼、請從上一步的回應中複製「stats.uuid」值。密碼為「ACC-」、後面接著UUID值(「ACC-[UUUID]」、或在本範例中為「ACC-c49008a5-4ef1-4c5d-a53e-830daf9941116」)。

登入Astra Control Center UI

安裝Astra Control Center之後、您將變更預設管理員的密碼、並登入Astra Control Center UI儀表板。

步驟
  1. 在瀏覽器中、輸入您在「Astra Address」(astrAddress)中使用的FQDN、位於「Astra控制中心_min.yaml」(當)字段中 您安裝了Astra Control Center

  2. 出現提示時、請接受自我簽署的憑證。

    註 您可以在登入後建立自訂憑證。
  3. 在Astra Control Center登入頁面中、輸入您在「Astra Control Center_min.yaml」CR中使用的「電子郵件」值 您安裝了Astra Control Center,然後是一次性密碼(「ACC-[UUUID]」)。

    註 如果您輸入錯誤密碼三次、系統將鎖定管理員帳戶15分鐘。
  4. 選擇*登入*。

  5. 出現提示時變更密碼。

    註 如果這是您第一次登入、但您忘記密碼、而且尚未建立其他管理使用者帳戶、請聯絡NetApp支援部門以取得密碼恢復協助。
  6. (選用)移除現有的自我簽署TLS憑證、並以取代 "由憑證授權單位(CA)簽署的自訂TLS憑證"

疑難排解安裝

如果有任何服務處於「錯誤」狀態、您可以檢查記錄。尋找400到500範圍內的API回應代碼。這些都表示發生故障的地點。

步驟
  1. 若要檢查Astra控制中心的操作員記錄、請輸入下列內容:

    kubectl logs --follow -n netapp-acc-operator $(kubectl get pods -n netapp-acc-operator -o name)  -c manager

下一步

執行以完成部署 "設定工作"